CVE-2004-0940

Description

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

apache / http_server1.3 – 1.3.32
HP / hp-ux11.22 – 11.22
HP / hp-ux11.00 – 11.00
HP / hp-ux11.11 – 11.11
HP / hp-ux11.20 – 11.20
openpkg / openpkg2.1 – 2.1
openpkg / openpkg2.2 – 2.2
openpkg / openpkg2.0 – 2.0
slackware / slackware_linux9.0 – 9.0
slackware / slackware_linux8.0 – 8.0
slackware / slackware_linux8.1 – 8.1
slackware / slackware_linux9.1 – 9.1
slackware / slackware_linux10.0 – 10.0
slackware / slackware_linuxcurrent – current
SUSE / suse_linux8.0 – 8.0
SUSE / suse_linux8.1 – 8.1
SUSE / suse_linux8.2 – 8.2
SUSE / suse_linux9.0 – 9.0
SUSE / suse_linux9.1 – 9.1
SUSE / suse_linux9.2 – 9.2
trustix / secure_linux1.5 – 1.5

Description

CVSS breakdown

Affected products

References